By far the most requested new feature in the last two months was the ability to encrypt all traffic between phpLiveDocx and the backend service LiveDocx.

I am very happy to let you know that the LiveDocx guys have just implemented this in their service and that I have also updated the Tis_Service_LiveDocx_* classes. As of phpLiveDocx version 1.0-20090421, you can now specify in the constructor whether or not to use SSL.

Connect to LiveDocx with SSL

The default is to connect with SSL:

$mailMerge=new Tis_Service_LiveDocx_MailMerge('username','password');

Alternatively, you can explicitly specify to use SSL (note new third parameter):

Connect to LiveDocx without SSL

However, please remember, if you do not use SSL, all traffic between your application and the backend service is transmitted unencrypted and potentially can be read by any man in the middle. You should therefore not allow personal or financial data to be entered into your application, if you choose to not encrypt all traffic.

You can download the current version with SSL support from the download section.

As ever, feedback and comments are welcome!

Updated on May 15, 2009: As of phpLiveDocx 1.0-200905015 all traffic with LiveDocx is over SSL. SSL may no longer be de-activated. The third parameter of the constructor, as described above, has been removed again.

5 Responses to “phpLiveDocx now with SSL encryption”

Thanks for this. I have downloaded the new class library and updated my application. I think it is much better to transfer all data to LiveDocx using SSL — at least that way, you can be quite sure that no one is going to steal your data, while it is in transit. Paul

That is the general idea: Using SSL, you can encrypt all traffic to the backend service. I would wholeheartedly recommend always using SSL when sending data across the Internet, regardless of whether the data is of sensitive nature or not. Using SSL does have some overhead (very little), but most of the time, you should not notice any performance degradation.

I think you should disable the non SSL version all together. After all, just submitting a username and password over a non SSL encrypted connection is risky. I have already set up my project to run exclusively over SSL.

You are not the only one who suggested that SSL should be mandatory. Correspondingly as of phpLiveDocx 1.1-20090512 all traffic with LiveDocx is over SSL. SSL may no longer be de-activated. The third parameter of the constructor, as described in the above post, has been removed again.